Data Protection for Organisations
Data Protection for Organisations
Find under this section relevant information regarding personal data processing, how to comply with the Data Protection legislation, and much more.
Basically, in order to process personal data, organisations must have a lawful reason. The lawful reasons for processing personal data are set out in Article 6 of the GDPR.
There are six lawful reasons for processing personal data that the controller must ensure to demonstrate:
1. Consent.
2. To carry out a contract.
3. In order for an organisation to meet a legal obligation.
4. Where processing the personal data is necessary to protect the vital interests of a person.
5. Where processing the personal data is necessary for the performance of a task carried out in the public interest.
6. In the legitimate interests of a company/organisation (except where those interests contradict or harm the interests or rights and freedoms of the individual)*.
Any one of the six reasons given above can, generally speaking, provide a legal reason for processing personal data.